seeking some guidance on TLS configuration from promtail to loki

[Zack May]

I'm hoping this group can either help me or point me in the proper direction for a loki configuration question. 

I'm trying to establish a secure connection via TLS between my promtail client and loki server.  I am unable to figure out how to make this happen.  It appears I'm able to get promtail configure to send content via TLS with the below block within the config file.  However when I try to configure loki for TLS I'm hitting a road block, and I'm unable to find the documentation stating how to.
Promtail snip it that seems to be working:
clients:
  - url: http://10.0.0.111:3100/loki/api/v1/push
    batchwait: 1s
    batchsize: 102400 # ~100KB
    tls_config:
      ca_file: /etc/loki/certs/myCA.pem
      cert_file: /etc/loki/certs/loki-local.crt
      key_file: /etc/loki/certs/loki-local.key

Loki attempts.
ExecStart=/usr/local/bin/loki -config.file /etc/loki/loki-config.yaml -server.http-tls-ca-path /etc/loki/certs/myCA.pem -server.http-tls-cert-path /etc/loki/certs/loki-local.crt -server.http-tls-key-path /etc/loki/certs/loki-local.key

Other various configuration changes within the yaml config, but non have worked.  From what I've read setting this in systemd is proper, but the error I get is below.
caller=log.go:106 msg="error running loki" err="error generating http tls config: Client CA's have been configured without a Client Auth Policy\nerror initialising module: server\ngith>

Any help is appreciated.
Thanks
Zack